CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-24016
https://notcve.org/view.php?id=CVE-2021-24016
30 Sep 2021 — An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. Una neutralización inapropiada de los elementos de la fórmula en un archivo csv en Fortinet FortiManager versión 6.4.3 y por debajo, versión 6.2.7 y por debajo, permite al atacante ejecutar comandos arbitrarios por medio de un campo... • https://fortiguard.com/advisory/FG-IR-20-190 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32587
https://notcve.org/view.php?id=CVE-2021-32587
06 Aug 2021 — An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. Una vulnerabilidad de control de acceso inapropiado en la interfaz GUI de FortiManager y FortiAnalyzer versiones 7.0.0, 6.4.5 e inferiores, 6.2.8 e inferiores, 6.0.11 e inferiores... • https://fortiguard.com/advisory/FG-IR-21-059 •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-32597
https://notcve.org/view.php?id=CVE-2021-32597
06 Aug 2021 — Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. Una neutralización inapropiada de la entrada durante la generación de la página web (CWE-79) en FortiManager y FortiAnalyzer versiones 7.0.0, 6.4.5 y por debajo, 6.2.7 y por debajo de la in... • https://fortiguard.com/advisory/FG-IR-21-054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-32603
https://notcve.org/view.php?id=CVE-2021-32603
05 Aug 2021 — A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. Una vulnerabilidad de tipo server-side request forgery (SSRF) (CWE-918) en FortiManager y FortiAnalyser GUI versiones 7.0.0, versiones 6.4.5 y por debajo, versiones 6.2.7 y por debajo, versiones 6... • https://fortiguard.com/advisory/FG-IR-21-050 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32598
https://notcve.org/view.php?id=CVE-2021-32598
05 Aug 2021 — An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. Una vulnerabilidad de neutralización inapropiada de las secuencias CRLF en los encabezados HTTP ("HTTP Response Splitting")... • https://fortiguard.com/advisory/FG-IR-21-063 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-9289
https://notcve.org/view.php?id=CVE-2020-9289
16 Jun 2020 — Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. Un uso de una clave criptográfica embebida para cifrar datos de contraseña en la configuración de la CLI en FortiManager versiones 6.2.3 y posteriores, FortiAnalyzer versiones 6.2.3 y posteriores puede permitir a un... • https://github.com/synacktiv/CVE-2020-9289 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-17657
https://notcve.org/view.php?id=CVE-2019-17657
07 Apr 2020 — An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. Una vulnerabilidad de Consumo No Controlado de Recursos en Fortinet FortiSwitch por debajo de las versiones 3.6.11, 6.0.6 y 6.2.2, FortiAnalyzer ... • https://fortiguard.com/psirt/FG-IR-19-013 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17654
https://notcve.org/view.php?id=CVE-2019-17654
15 Mar 2020 — An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. Una vulnerabilidad de Verificación Insuficiente de la Autenticidad de Datos en FortiManager versiones 6.2.1, 6.2.0, 6.0.6 y por debajo, puede permitir a un atacante no autenticado llevar a cabo un ataque de tipo Cross-Site WebSocket Hijacking (CSWSH). • https://fortiguard.com/psirt/FG-IR-19-191 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-3613
https://notcve.org/view.php?id=CVE-2015-3613
04 Feb 2020 — A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page Se presenta una vulnerabilidad en FortiManager versiones 5.2.1 y anteriores y versiones 5.0.10 y anteriores, en la página de respaldo FTP de la Interfaz de Usuario Web. • http://www.securityfocus.com/bid/74444 • CWE-269: Improper Privilege Management •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3612
https://notcve.org/view.php?id=CVE-2015-3612
04 Feb 2020 — A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) en FortiManager versiones 5.2.1 y anteriores y versiones 5.0.10 y anteriores, por medio de un parámetro no especificado en la página del servicio de actualización automática de FortiWeb. • http://www.securityfocus.com/bid/74444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •